Crytohippie provides a paid OpenVPN service with a 30 day money back guarantee as long as you don’t use more than 2GB. The service costs $275 for 15GB per month traffic for one year (no other payment plans) and makes claims as to its technologically secure network (CHAVPN Network) and separation of US and Panama administrations. In fact, Cryptohippie only has servers in the Netherlands and all server activities are in this one jurisdiction. The OpenVPN technology is standard open source fare and the server network claims are unsubstantiated.

Crytohippie provides the OpenVPN standard with a browser based login page. The OpenVPN application has no features and you cannot switch servers (there are no servers to switch to in any event). The Privacy Policy is incomprehensible gibberish written to impress. This review only covers Cryptohippie’s Open VPN service for the RoadRunner application.

This is simple standard OpenVPN standard technology with a small server network in one country, The Netherlands. Crytohippie appears to be less than honest about the technology of its server network and other claims. The service began in 2007 but management claims it has been around since 2003. The CEO claims to be a well know author but he is not found in a Google search. Management is based in the USA and the server network in The Netherlands, a US ally. The service appears to have many similarities to another VPN service we tested: Xerobank.

CryptoHippie VPN PROS:
• 30 day money back guarantee
• Good and attentive support

CryptoHippie VPN CONS:
• No server network outside of The Netherlands
• Management claims server multi hopping to various jurisdictions, but this claim is unsubstantiated
• Claimed network configuration cannot be verified
• Exit servers only in 1country – a cooperative region
• OpenVPN standard applications with NO features
• Non-user friendly software application, inconvenient to use
• No automation on start up
• Does not provide a fastest server in the application- so you can’t chose a server with low latency
• Dynamic IP with no Fixed IPs for using with PayPal & Credit Card merchants
• Poor FAQs, no knowledge base
• 15GB bandwidth limitation per month and deducts time from the annual contract at a rate of 1 Euro/GB – Every 16GB over loses you a month on the contract.
• Incomprehensible Privacy Policy
• Management is predominantly located in the USA
• Although there is an extensive team at the website, there appears to be no information about the management on Google search

Full Review

From Order to Installation:

Crytohippie provides an annual subscription only to their RoadWarrior account (OpenVPN) product which costs $275. No monthly subscriptions. If you want to test the product, you need to provide your credit card details and sign up and if you use less than 2GB within 30 days you can cancel your subscription and (hopefully) get your money back.

With Crytohippie your account is up and running within 1 hour if you use a credit card (in my case it took 15 minutes). I received my login credentials in a few minutes after providing my credit card details.

From the moment your Client ID and password are provided to you, you can download the VPN software:

and was able to connect with Crytohippie a few minutes later.

Crytohippie utilizes the standard OpenVPN by openvpn.org created by James Jonan in 2001. No new technology here, just the standard OpenVPN fare.

Even the note to Vista users is the same:

To check whether in fact this is any different from the standard OpenVPN go to the config file and the README:

“This directory should contain OpenVPN configuration files each having an extension of .ovpn

When OpenVPN is started as a service, a separate OpenVPN process will be instantiated for each configuration file.”

This means that you now have to run another CryptoHippie program that will install your certificates in the OpenVPN config file:

Software/GUI:

After download and execution of the CrytoHippie program, you will be surprised to find that there is no desktop icon but you have to use the sys tray OpenVPN icon. For $275 per year, CryptoHippie didn’t even bother to provide a convenient desktop icon. Well, that can be remedied by finding the program in your startup and copying the OpenVPN GUI icon to your desktop. The first time you run the application you will get:

After you log on the first time, you will just get a browser page requesting your login credentials.

CryptoHippie employs OpenVPN standard application with no modifications. The application is the unmodified OpenVPN format that requires it to be opened with admin permissions (Windows & and Vista), login credentials have to be entered for each launch of the application (no possibility to save password); server has to be chosen for each launch, as in full OpenVPN implementation:

Whenever you log into your account from the sys tray icon, you get a browser VPN login:

Put in your login credentials and:

Updates/General Info: This is the Opensource OpenVPN update which can be updated at www.openvpn.org

Separately, the license agreement states:

4. Data traffic between the user and the router shall be a maximum of 15 Gigabytes (GB) per month. Additional traffic will be billed (pro-rated) to the user at a rate of 1 Euro/GB. Cryptohippie USA will reduce the length of the user’s contract accordingly.

This means that if you are 5GB over per month for 4 months, you would lose nearly 1.7 months from your annual contract! And there is no definition in the contact about how the GB is calculated or the exchange rate they use.

Ease of Use:

As this is the standard OpenVPN application, it is not very user friendly. It cannot be automated for startup of the computer and requires some 5 clicks to start each time. One always has to re-connect the server if you want to change between the 3 options provided by Cryptohippie. If one needs to restart this application a couple of times a day, it’s tiresome.

Features:

CryptoHippie has all of the standard features of OpenVPN but has not added any application features of its own to the standard OpenVPN configuration. It has no automated features, choice of fast servers or other features that the better VPNs have and this basic OpenVPN application is a nuisance.

CryptoHippie doesn’t offer dedicated IP option which complicates online shopping and banking as the merchants and third-party payment processors see multiple IPs which will trigger fraud alerts. Also there is no way of knowing in advance which server is currently not available or slow due to its location or current load.

CryptoHippie claims that it provides an assigned IP to users but this is just a standard feature of the basic OpenVPN off the shelf application.

Server Network: Location, Availability & Speed:

CrytoHippie has servers in the Netherlands only. None of the servers are in non-cooperative or off shore jurisdictions so from a security point of view this VPN does provide you with any anonymity or privacy.

This is a rather simple OpenVPN set up with a server in the Netherlands with a masked IP. There doesn’t appear to be any multi hopping or port forwarding as suggested on their website.

Also strange is that the peer connection appears to resolve to the same as that of another VPN service which we reviewed: Xerobank.

So let’s look at this a bit deeper:

Now after all the hoopla about the technology in the server network you would expect to exit on a different server jurisdiction then you were linked to in OpenVPN. At least that is what is advertised and confirmed by an email I received from CryptoHippie. But in fact the entry server and exit server appear to be the same:

Cryptohippie writes in their ‘Our Technology’:

KEY TECHNOLOGIES
We support both OpenVPN and IPSec access to our network, operating as follows:

So what does this tell us? No “Jurisdictional routing”. The same server at LeaseWeb B.V. in Amsterdam, Netherlands is being used for the OpenVPN connection as is the exit server. The IP address is just another IP in the same range.

So let’s try the TCP connection which is the second one down in the OpenVPN GUI:

And lo and behold:

The same entry server I used with the bad conn connection and the log data is from the same server group and IP range as well:
TCPv4_CLIENT link remote: 85.17.83.194:443
Initial packet from 85.17.83.194:443

And the server in the log is:

85.17.83.194 server location:
Amsterdam in Netherlands

85.17.83.194 ISP:
LeaseWeb B.V.

Hmmm, ok, let’s try the last connection, the UDP connection and see the results of the exit server IP:

Well, if that isn’t the same server I used to open the OpenVPN TCP connection!

And the log for the UDP connection:
UDPv4 link remote: 85.17.83.195:1194
TLS: Initial packet from 85.17.83.195:1194

And this is the same exit server for the TCP connection.

So it appears these guys have a couple of servers in the Netherlands and claim it’s a sophisticated network performing all sorts of multi hops and jurisdiction routing, etc. Looks like hogwash to me! Time to see if I can get my money back!

Without CrytoHippie the ping time was 152ms, so there was some latency (8%) on this server test at 5.30PM EST.

Presale Support to Product Help & Support:

All presale questions are answered expeditiously if not always providing straight forward answers.

Post-sale support is done by mail (no ticket system, live chat, etc). Their email response was very quick and helpful. Their stated response time is 12-24 hours but I had email responses in a couple of hours. But no FAQs, knowledge base or manual.

Scope of Protection:

Protocols:

Utilizing standard VPN protocols, Cryptohippie changes your IP and provides you with a dynamic IP generated from any of its servers. Each time you connect, you will receive another IP address. This is standard OpenVPN security but it has the downside that if you want to connect to PayPal or to your credit card merchant with a VPN and your IP changes every time you connect, PayPal will likely put your account on hold because they are suspicious of changing IP addresses. Its best to use a VPN that provides both shared and a fixed IP so that you are safe but can deal with your shopping online in a convenient way.

Protocols: OpenVPN tested only

Crytohippie does not support IPv6 or port forwarding. SMTP mail is not permitted.

Encryption: Pending Test

Encryption Strength Specified: 256 Bit AES

The effectiveness of any VPN provider is dependent on how effective is the encryption. Our independent encryption Test of CrytoHippie is to be completed by September 30th and will be posted here then.

Server Security: Pending Test

To be independently tested pending permission from CrytoHippie.

Privacy:

VPN providers that are based in cooperative jurisdictions and have servers in other cooperative jurisdictions cannot protect your data as it is transmitted across their servers. By definition a court order in cooperative regions can force Crytohippie to log, cache and submit any information to local and international authorities not withstanding Cryptohippie’s current Privacy Policy to the contrary. Cryptohippie is a USA company headquartered in Illinois that claims it has a Panama based company running its server network and that the shareholding is unknown. I doubt a US based judge would buy this convoluted story. He would simply slap an order on the US company and dare the owners to breach the order. And as all of the servers are actually sitting in the Netherlands, a strong ally of the US, the court order in the US would have the Dutch host caching and logging before you know it.

CrytoHippie convoluted Privacy Policy:

9. The user acknowledges that Cryptohippie USA and Cryptohippie, Inc. (Panama) are separate, independent organizations. Cryptohippie, Inc. (Panama) builds and operates the CHAVPN network, but has no contact with customers. Cryptohippie USA provides all customer service and is a reseller of Cryptohippie, Inc. products, but has no access to the traffic information of the user.
10. Cryptohippie USA will retain user payment information in encrypted form.
11. Cryptohippe, Inc. (Panama) may log outgoing SMTP (mail) connection IP associations by target for a maximum period of 48 hours, to prevent security-relevant abuse. All logs are fully encrypted and require multiple parties to decode. Furthermore, logs are structured in such a way that to build traffic patterns is impossible but only identify single abusive outgoing connections. Further logging may occur when compelled by legal order. In case of elevated logging requirements per destination due to court order, CH USA provides a per client option to block all user traffic to such a destination.
12. Violation of these terms of service is grounds for immediate disconnection.
13. These terms of service further include the policies of Cryptohippie, Inc. (Panama).
14. This agreement shall be governed and construed according to the laws of the State of Illinois and venue for any legal action relative to this agreement shall lie only in the Cook County Court system or in the appropriate Federal Court for Northeastern Illinois

There is no way to verify what they log and cache. USA VPNs that are prominently located in the US are not secure by definition.

CryptoHippie VPN Review Summary

This is simple standard OpenVPN standard technology with a small server network in one country, The Netherlands. Crytohippie appears to be less than honest about the technology of its server network and other claims. The service began in 2007 but management claims it has been around since 2003. The CEO claims to be a well know author but he is not found in a Google search. Management is based in the USA and the server network in The Netherlands, a US ally. The service appears to have many similarities to another VPN service we tested: Xerobank.

CryptoHippie VPN PROS:
• 30 day money back guarantee
• Good and attentive support

CryptoHippie VPN CONS:
• No server network outside of The Netherlands
• Management claims server multi hopping to various jurisdictions, but this claim is unsubstantiated
• Claimed network configuration cannot be verified
• Exit servers only in 1country – a cooperative region
• OpenVPN standard applications with NO features
• Non-user friendly software application, inconvenient to use
• No automation on start up
• Does not provide a fastest server in the application- so you can’t chose a server with low latency
• Dynamic IP with no Fixed IPs for using with PayPal & Credit Card merchants
• Poor FAQs, no knowledge base
• 15GB bandwidth limitation per month and deducts time from the annual contract at a rate of 1 Euro/GB – Every 16GB over loses you a month on the contract.
• Incomprehensible Privacy Policy
• Management is predominantly located in the USA
• Although there is an extensive team at the website, there appears to be no information about the management on Google search

Editor’s Rating

Order to Installation

Software/GUI

Ease of Use

Features

Network & Speed

Help & Support

Scope of Protection

Overall Rating

Features Overview

Cryptohippie Service Description

Price:

275 USD per year

Bandwidth Limitations:

15 Gb per month

Server Locations:

NL, DE, US

Data Logging:

Outgoing SMTP; on exit nodes depending on jurisdiction the data is stored for 7 days to 6 months

The times a session starts and ends, traffic usage, internal IP address and token of a session

Cryptohippie Company Information

Location:

US, Panama

In business since

2007

Other Security Products:

Location Agnostic Servers – Servers that cannot be located by any normal means

Information incomplete or incorrect? Please let me know!

CryptoHippie VPN Review2.8214285714285716lana2010-08-25 16:42:32Crytohippie provides a paid OpenVPN service with a 30 day money back guarantee as long as you don’t use more than 2GB. Does CryptoHippie VPN offer the best VPN accounts on the market? The only independent Best VPN Reviews site tests and reviews all paid and free VPN providers.

5 User Reviews »

A satisfied Cryptohippie user & non-tecchie asked our
contact there about this negative review above. Here is his answer in full to my friend P. Galant:

Hi Lucky. Usually we don’t respond to these things. There have been others, and defending ourselves has never changed their minds – they have some internal need to trash people, and so they do.

For you, however, I’ll do it. :)

I’m not sure if this reviewer was incompetent or malicious, but he is simply wrong. We have servers in Holland, but we also have them in many other jurisdictions, and at no time to do our Road Warrior accounts take a single hop. It is always two or more. Any competent network engineer can verify that fact easily. Why these people didn’t, I don’t know.

Our network is 100% offshore. We do have separate sales corporations in other places (our US sales office will be closing soon), but they share no data with the network. We are serious about this stuff. All of us here had other careers before starting CH – we’re not doing this as a desperate last resort. We’re doing it because it matters.

If anyone wants to know the facts, they can spend some time on our web pages and they are free to ask us questions. We always answer. So far as I know, these people never asked us anything. My guess is that they didn’t want to know. There’s nothing we can do about that.

1. There are only Dutch and German servers, no others that can be seen by differentiating IPs. Cascading and multi hopping is not created by two server locations. That is a joke.
2. Paypal and cc merchants automatically block your account if the IP changes or if it is seen to be a proxy. That is a fact. Not providing a solution to this problem is a negative.
3. ISPs provide IPs that change within the IP group, not the underlying IP which is what a VPN does if you are using different servers. What you write is misleading.
4. Read the New York Times article dated 9.27.10:http://www.nytimes.com/2010/09/27/us/27wiretap.html?_r=1

“U.S. Tries to Make It Easier to Wiretap the Internet”
CryptoHippie’s US arm will receive a court order and their defense will be that they don’t have access to the Panama company logs. The US officers of the company will be in breach of a court order and liable to penalties and jail time. You are misleading your customers if you want them to believe that you wont cave in. To quote the article:
“No one should be promising their customers that they will thumb their nose at a U.S. court order,” Ms. Caproni said. “They can promise strong encryption. They just need to figure out how they can provide us plain text.”

Technically your review is lacking. Simply try several ip address sites and you will discover some of them showing a Netherlands ip and others a German ip. If they did not have a network of entry and exit nodes with cascading how would it even be possible to have ip addresses from different countries during a single session? Why would you want this type of advanced network to provide you with a fixed ip? It would completely defeat the whole purpose of using it. Paypal and merchant sites cannot block you based on a dynamic ip. Nearly all ISPs use dynamic addresses which means blocking this kind of traffic is akin to killing all e-commerce. The multihopping works exactly as described on this documentation page:

The fact that the management is in the US is beside the point. Cryptohippie.COM only sells logins/accounts and Cryptohippie.NET, a separate Panama entity, operates the network thus making subpoenas for traffic usage from Cryptohippie.COM useless. They don’t have them.

The recent revelation that the National Security Agency was able to eavesdrop on the communications of Google and Yahoo users without breaking into either company’s data centers sounded like something pulled from a Robert Ludlum spy thriller. How on earth, the companies asked, did the N.S.A. get their data without their knowing about it? The most likely answer is a modern spin on a century-old eavesdropping tradition.